Strata Identity pioneered the "Identity Orchestration" category, letting enterprises connect and migrate across incompatible identity providers (Okta, Azure AD, Ping) without rewriting apps, via its Maverics platform and abstraction "identity fabric." Distinctive for authoring open standards (IDQL/Hexa) and cross-IdP failover — the capability that drove its 2026 acquisition by Rubrik.
Acquired by Rubrik (2026) — now Rubrik Identity Continuity.
Series B · $26M · 2023 (total ~$42M); acquired by Rubrik 2026
Readibots (Kanata, Ontario; formerly Cloudbridge) builds READI, an Automation-as-a-Service platform that connects and automates identity tasks across legacy, non-API, and disconnected apps that IGA connectors can't reach. Distinctive for PowerShell-native "start-anywhere" identity automation positioned as a connectivity layer beneath existing IGA, not a replacement.
Monokee is an Italian IAM vendor pairing access management and governance with a low/no-code visual identity orchestrator for workforce and customer identities. Distinctive for drag-and-drop orchestration flows, FIDO/passwordless focus, and decentralized-identity support; a KuppingerCole Rising Star now expanding to the US via subsidiary Pure Identity Corp.
Simeio (Alpharetta, GA) is an identity-security managed-services and advisory firm delivering IAM/IGA/PAM implementation plus its own Identity Orchestrator (IO) platform and managed IDaaS. Distinctive for combining vendor-agnostic advisory, implementation, and 24/7 managed operations at enterprise scale.
SGNL builds a continuous, context-aware authorization platform that enforces zero standing privilege and real-time access decisions (using CAEP) for humans, non-human identities, and AI/MCP agents across SaaS and cloud. Distinctive for dynamic session-level authorization and revocation; acquired by CrowdStrike to power Falcon Next-Gen Identity Security.
PlainID (Tel Aviv / New York) is an enterprise authorization vendor built on Policy-Based Access Control (PBAC), centralizing runtime access decisions across apps, APIs, data, and now agentic AI. Distinctive for defining the "Authorization Management Platform" category Gartner now tracks, with fine-grained externalized policy and an agentic identity platform.
Axiomatics (founded 2006, Stockholm) is a pioneer of dynamic, runtime fine-grained authorization based on attribute-based access control (ABAC) for apps, data, APIs, and microservices. Distinctive as the leading European ABAC/policy-driven Zero Trust vendor; acquired by Italian defense group Leonardo to anchor its NATO-focused Zero Trust portfolio.
Acquired by Leonardo (2025) for NATO Zero Trust portfolio.
ConductorOne is a Portland/San Francisco identity security company founded in 2020 by former Okta product leaders, offering an AI-native platform that unifies identity governance (IGA), access management, and cloud PAM. Distinctive for a consolidation play — hundreds of prebuilt connectors and a modular stack aimed at replacing fragmented legacy tools, now extended to non-human and AI-agent identities.
Veza is a Redwood Shores identity security company founded in 2020 whose platform goes beyond IGA to visualize and control entitlements across human, machine, and AI identities. Its distinctive core is the patented Access Graph, mapping who-can-do-what across data systems, cloud, and SaaS to enforce least privilege — the technology acquired by ServiceNow.
Acquired by ServiceNow (~$1.25B; announced Dec 2025, closed Mar 2026).
Acquired by ServiceNow · ~$1.25B · 2026 (last round Series D $108M at ~$808M)
Zilla Security, founded by serial IGA entrepreneur Deepak Taneja (ex-Aveksa), built a modern SaaS-based IGA platform designed from scratch for cloud/SaaS sprawl. Its distinctive edge is AI-generated entitlement profiles and robotic "Universal Sync" automation that cut access-review effort up to 80%; acquired by CyberArk in February 2025.
YouAttest is an Irvine, California company offering a lightweight, cloud-based IGA tool focused specifically on automating user access reviews and access-certification campaigns for compliance. Its distinctive angle is fast time-to-value and low cost via tight cloud-to-cloud integrations with IdPs like Microsoft Entra ID and Ping Identity, rather than a heavyweight suite.
BalkanID is an Austin, Texas startup (founded 2021) offering an AI-powered access governance and IGA platform built around a patent-pending identity knowledge graph for visualizing entitlements across SaaS and public cloud. Its distinctive focus is intelligent least-privilege enforcement and entitlement discovery across human, non-human, and AI-agent identities.
Andromeda Security is a San Francisco/Los Altos startup delivering an AI-powered identity security platform for human and non-human identities, spanning discovery, access, risk context, and remediation. Its distinctive approach is a data-driven, context-aware architecture that automates entitlement right-sizing and just-in-time access across the full identity lifecycle.
Orchid Security is an Israel/NYC startup (founded Dec 2023, out of stealth Jan 2025) building an identity-first security orchestration platform that uses LLMs to discover applications and assess their authentication/authorization flows without recoding. Its distinctive claim is illuminating enterprise "identity dark matter," with early Fortune 500 customers and a 2025 Gartner Cool Vendor nod.
Lumos is a San Francisco company (founded 2020) that began as an internal "AppStore" for self-service app/access requests and grew into an autonomous identity platform that discovers and manages access across all of an organization's apps. Its distinctive positioning merges SaaS management and identity governance, increasingly driven by AI agents ("Identity Agent Force") for continuous access governance.
Series B · $35M · 2024 (Scale Venture Partners, a16z; total ~$65M)
SailPoint is an enterprise identity security (IGA) leader focused on governing access for human, machine, and now AI-agent identities across complex hybrid environments. Its distinctive edge is a mature, AI/ML-driven identity governance platform (Atlas / Identity Security Cloud) with deep policy, certification, and lifecycle capabilities at Fortune 500 scale.
Saviynt is a cloud-native identity security platform unifying identity governance, privileged access, non-human/AI-agent identity, and identity security posture management in one converged product. Its distinctiveness is a single-platform, "identity as the foundation for the AI era" approach that collapses traditionally separate IGA and PAM tooling.
Raised $700M (KKR-led, Dec 2025) at ~$3B valuation.
$700M growth round · KKR-led · Dec 2025 (~$3B valuation)
Radiant Logic runs an identity data platform (RadiantOne) that unifies fragmented identity data from legacy, cloud, and non-human sources into a single authoritative layer with identity security posture management. Its distinctive niche is being the "identity data fabric" — virtualization, observability, and now AI/MCP-driven remediation beneath the IAM stack.
SecureAuth is a workforce and customer IAM vendor centered on adaptive, risk-based authentication and continuous identity assurance. Its distinctive bet is "continuous identity authority" — real-time, per-action authorization extended to human, machine, and AI-agent identities via its Agentic Authority Platform.
CyberArk is the market leader in privileged access management and machine/secrets identity security, and as of February 2026 operates as the identity security core of Palo Alto Networks. Its distinctiveness is deep PAM plus a broad machine-identity and secrets portfolio now folded into Palo Alto's platform to secure human, machine, and agentic identities.
Acquired by Palo Alto Networks (~$25B, closed Feb 2026) — now PANW's identity core.
Acquired by Palo Alto Networks · ~$25B · closed Feb 2026 (formerly Nasdaq: CYBR)
Okta is the leading independent identity platform spanning workforce (Okta) and customer (Auth0) identity, delivering SSO, MFA, lifecycle, and governance as cloud services. Its distinctive strength is a vendor-neutral, integration-rich identity fabric now extending to agentic identity via its "Okta for AI Agents" blueprint and platform.
Ping Identity is an enterprise identity provider (merged with ForgeRock) covering workforce and customer IAM, SSO, MFA, and orchestration for large regulated organizations. Its distinctiveness is a highly configurable, orchestration-driven platform (PingOne) with strong deployment flexibility and, increasingly, runtime agent authorization and anti-deepfake defenses.
Private (Thoma Bravo-owned; acquired 2022 for $2.8B)
Strivacity is a low-code customer identity and access management (CIAM) vendor built to stand up branded sign-in, registration, and access journeys without custom coding. Its distinctive angle is speed-to-deploy for mid-market and enterprise CIAM, plus a built-in generative-AI assistant for real-time journey and compliance guidance.
$28M total raised (Series A2 $20M, SignalFire-led)
Descope is a developer-first authentication and CIAM platform delivering drag-and-drop auth flows, passwordless login, and MFA via SDKs and no-code workflows. Its distinctiveness is an early, aggressive focus on agentic identity — an Agentic Identity Hub and control plane for authenticating AI agents, MCP servers, and AI-facing APIs.
Stytch is a developer-focused authentication and identity API platform for passwordless, MFA, fraud prevention, and B2B auth. Its distinctive contribution is early agentic-identity infrastructure — Connected Apps and remote MCP authorization that let AI agents act securely on a user's behalf — the capability behind its November 2025 acquisition by Twilio.
Acquired by Twilio (announced Oct 2025; closed Nov 14, 2025).
Astrix is a pioneer in non-human identity (NHI) security, giving enterprises visibility, lifecycle management, and automated remediation for API keys, service accounts, and AI agents across SaaS, cloud, and on-prem. Founded in Tel Aviv; Cisco announced intent to acquire it in 2026 to fold NHI security into Identity Intelligence, Duo, and Secure Access.
Acquired by Cisco (~$250–350M reported, announced 2026).
Token Security is an identity-first security platform for machine identities and AI agents that discovers and right-sizes every non-human identity across cloud, SaaS, and on-prem by integrating with existing identity providers. Distinctive for shipping one of the industry's first MCP servers for agentic AI and NHI security.
Natoma builds an enterprise gateway for the Model Context Protocol (MCP), giving AI agents governed, identity-aware access to a library of out-of-the-box tools and enterprise systems. Founded in 2024 by veterans from Okta, Microsoft, Google, and Salesforce; Snowflake announced intent to acquire it in 2026 to govern agentic access to enterprise data.
Oasis Security built one of the first purpose-built platforms for non-human identity management, discovering, classifying, and governing service accounts, API keys, and workloads across hybrid cloud with policy-driven lifecycle and remediation. Founded in 2022; backed by Sequoia and Accel and distinctive for framing NHI governance as an emerging "Agentic Access" discipline.
Acsense is an IAM resilience platform providing continuous backup, point-in-time recovery, and posture management for cloud identity systems like Okta, closing the gap between disaster recovery and business continuity. Distinctive for defining "identity resilience" as a category.
Aka Identity is an AI-native identity governance and access management platform delivering real-time visibility into access patterns, behaviors, and identity risk across hybrid cloud and on-prem. Founded in 2023 in San Francisco by William Lin and Rob Fry, applying data science to modernize legacy IGA and reduce over-provisioned access.
Beyond Identity is a passwordless, phishing-resistant authentication platform that replaces passwords with device-bound X.509 certificates, cryptographically binding a user's identity to their device for un-phishable MFA. Founded in 2019; reached a $1.1B valuation and is extending hardware-enforced, TPM-backed security into the AI era.
Opal Security is an AI-native access governance platform giving security teams real-time visibility, policy-as-code, and just-in-time least-privilege control over every identity — employees, service accounts, and AI agents — in a single access graph. Distinctive for Paladin, an AI engine that auto-evaluates access requests and escalates only those needing human review.
BeyondTrust is a global leader in privileged access management (PAM) and identity security, protecting "Paths to Privilege" across privileged accounts, sessions, and endpoints. Distinctive for an integrated PAM platform spanning human, machine, and AI-agent identities, and a seven-consecutive-year Leader placement in the Gartner Magic Quadrant for PAM.
PE-owned — Francisco Partners (2018), Clearlake Capital investment (2021)
Delinea is an enterprise PAM and identity security vendor (formed from the Thycotic–Centrify merger) whose platform is powered by Iris AI. Distinctive for pivoting PAM toward continuous, real-time authorization across human, machine, and AI-agent identities, reinforced by its StrongDM acquisition.
StrongDM (now part of Delinea) is a universal/zero-trust privileged access platform built for engineering, DevOps, and AI-driven environments. Distinctive for proxy-based, just-in-time runtime authorization that injects ephemeral credentials into developer workflows across databases, Kubernetes, SaaS, and cloud without disrupting them.
Acquired by Delinea (closed Mar 2026).
~$96M total; $34M Series C (2024). Acquired by Delinea, closed Mar 2026
Britive is a cloud-native privileged access management platform built on Zero Standing Privileges (ZSP). Distinctive as an agentless, multi-cloud PAM using patented just-in-time access that grants temporary, auto-revoked privileges across human users and autonomous AI agents.
Netwrix is a cybersecurity vendor focused on data and identity threats, offering visibility, auditing, and privileged access controls across hybrid environments. Distinctive for a broad, acquisition-built portfolio (Auditor, 1Secure ITDR, Privilege Secure) unifying data security and identity threat detection and response for mid-market and enterprise IT.